Anatomy of a Twitter Attack

December 23, 2017 by  Filed under: Computer 
 

I was happily snacking away on my lunch break here in Vancouver when suddenly my TweetDeck Twitter client sounded the alert for incoming direct messages. If you are not a Twitter user, direct messages are private messages between Twitter accounts. You can only send a direct message to someone who is following you on Twitter, no strangers allowed.

I knew the sender, so it was clear this was a new scam in progress. What was the purpose in luring me to click on this URL? Penis pills? Phishing attack? Malware? I performed a quick WHOIS lookup to see what I could find out. Of course the purchaser had enabled privacy to shield their identity.

Domain Name: JFK(redacted).INFO
Created On: 02-Nov-2009 08:24:44 UTC
Last Updated On: 02-Nov-2009 08:47:22 UTC
Expiration Date: 02-Nov-2010 08:24:44 UTC

The domain was registered yesterday morning. I visited the URL from a test computer to see what would happen.

Hrmph. They either don't like security researchers, or, as usual, they simply don't want Canadians getting rich off their scam. The site did redirect me to another domain though, which I then looked up.

Domain: ONLYFREE(redacted)ONLINE.com
Record created on: 2008-08-19 16:41:23.0
Database last updated on: 2009-08-31 10:09:56.743
Domain Expires on: 2011-08-19 16:41:23.0

This one was over a year old. This is a common tactic in social media spam: create new domains with a clean reputation and redirect these to known dirty domains further down the chain.

But I still didn't know what they were shilling, so I performed some magic, overcame my Canadian researcher problem, and finally arrived.

I dutifully registered after reading the terms and conditions and privacy policy, a must for these types of sites. After a bit of legalese, I determined that my idea of privacy was not quite compatible with theirs.

The terms and conditions state: "By submitting this form, I am ordering GoogleFortune for a 7-day bonus period for $1.97 billed to my credit Card; If you enjoy GoogleFortune, simply do nothing. On the 7th day my credit card will automatically be charged $69.97 and every month, thereafter."

Further along it adds some more goodies: "I also agree to the 14 day and 21 day bonus trials to Rebate Millionaire and Network Agenda (redacted) for $19.95 a month and $9.95 a month thereafter."

You can also see this text in small print at the top of the billing page. At least I know my credit card will be safe in transit, as the site is GoDaddy.com certified secure. Now I can sit back and watch as $99.87 a month starts my new career working from home. The site even points out that using Google is FREE.

Many Twitter users fell victim to this scam today, likely the result of a phishing attack against users of the service. Using sites that request your username and password for social media is never a good idea. Make sure anything requesting your Twitter credentials uses Twitter OAuth. This means your username and password are requested by Twitter and passed through to the third party application.

If you are having a hard time creating complex passwords, watch Graham Cluley make a great password from Bedrock (http://www.youtube.com/watch?v=VYzguTdOmmU).
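The redirect pattern described above (a freshly registered domain fronting an older one) can be checked mechanically from WHOIS creation dates. The following is an added example, not code from the original article: it parses the two record layouts quoted above and flags young domains that redirect to established ones. The function names, the 30-day threshold and the observation time are assumptions.

```python
import re
from datetime import datetime, timezone

# Creation-date label and timestamp format for each WHOIS layout quoted in the article.
CREATED_PATTERNS = [
    (re.compile(r"^Created On:\s*(.+?)\s*UTC\s*$", re.M), "%d-%b-%Y %H:%M:%S"),
    (re.compile(r"^Record created on:\s*(.+?)\s*$", re.M), "%Y-%m-%d %H:%M:%S.%f"),
]

def creation_date(whois_text):
    """Return the registration time (UTC) from a WHOIS record, or None if not found."""
    for pattern, fmt in CREATED_PATTERNS:
        match = pattern.search(whois_text)
        if match:
            return datetime.strptime(match.group(1), fmt).replace(tzinfo=timezone.utc)
    return None

def domain_age_days(whois_text, observed):
    """Whole days between registration and the moment the link was observed."""
    created = creation_date(whois_text)
    return None if created is None else (observed - created).days

def fresh_front_hops(chain, observed, max_age_days=30):
    """chain: (domain, whois_text) pairs in redirect order.
    Return each young domain that redirects to an older, established one."""
    ages = [(domain, domain_age_days(text, observed)) for domain, text in chain]
    flagged = []
    for (domain, age), (_, next_age) in zip(ages, ages[1:]):
        if None not in (age, next_age) and age <= max_age_days < next_age:
            flagged.append(domain)
    return flagged

# The two records quoted in the article (domain names redacted as on the page).
FIRST_HOP = """Domain Name: JFK(redacted).INFO
Created On: 02-Nov-2009 08:24:44 UTC
Last Updated On: 02-Nov-2009 08:47:22 UTC
Expiration Date: 02-Nov-2010 08:24:44 UTC"""
SECOND_HOP = """Domain: ONLYFREE(redacted)ONLINE.com
Record created on: 2008-08-19 16:41:23.0
Database last updated on: 2009-08-31 10:09:56.743
Domain Expires on: 2011-08-19 16:41:23.0"""
# Assumed observation time: the article says the first domain was registered "yesterday".
OBSERVED = datetime(2009, 11, 3, 20, 0, tzinfo=timezone.utc)
CHAIN = [("JFK(redacted).INFO", FIRST_HOP), ("ONLYFREE(redacted)ONLINE.com", SECOND_HOP)]

if __name__ == "__main__":
    for name, text in CHAIN:
        print(name, domain_age_days(text, OBSERVED), "days old")
    print("fresh front domains:", fresh_front_hops(CHAIN, OBSERVED))
```

A link filter or mail gateway could apply the same age check to each hop of a resolved redirect chain before a message reaches the user.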
